I'm actually quite hopeful on the DomainKeys implementation, for the reasons I'll list here. SPF is a good attempt at a method of "Reverse MX", but ultimately will fail due to the forwarding problem. DomainKeys, however, uses the only true method of Sender Authentication - a proven foundation of PKI encryption on which to build the next generation of email.
To date, it is true Sender Authentication which has been missing from allowing email to become a more secure and legal means of doing business. The use of encryption in email is a sorry state of affairs - few use it even when it is available to them. SMTP Authentication is available but hardly used and rarely enforced.
DomainKeys presents a new opportunity for accountability (through the infamous Web of Trust model) and the wider acceptance of encryption in email. When an ISP/Company signs a message with its DomainKey, there will be an implicit stamp of approval on that message. Accountability is assumed, and identification is guaranteed. Policy decisions can then be set upon that level of identification. This accountability will force the usage of SMTP AUTH, thereby pushing accountability down to the level of the end user. Simultaneously, the wider use of server-level encryption encourages best (or at least, better) practices by corporations and individuals alike, as needed.
So, while my hopes will likely be dashed upon the rocks as lazy CTOs and admins will ultimately deem DomainKeys as "too expensive, too complex, too much", I still dare to dream that good authentication using good encryption will ultimately lift the state of email as a whole.
-t